diff options
author | rcritten@redhat.com <rcritten@redhat.com> | 2007-08-17 10:03:33 -0400 |
---|---|---|
committer | rcritten@redhat.com <rcritten@redhat.com> | 2007-08-17 10:03:33 -0400 |
commit | 05f6a22110f058c089e4e9cd6d538264f439f5d2 (patch) | |
tree | 074e87badeb62720c98e3abf279458167722b8ed /ipa-server/xmlrpc-server | |
parent | 92be45e3fe990bb650ed0b50d175176dd2d2f484 (diff) | |
download | freeipa-05f6a22110f058c089e4e9cd6d538264f439f5d2.tar.gz freeipa-05f6a22110f058c089e4e9cd6d538264f439f5d2.tar.xz freeipa-05f6a22110f058c089e4e9cd6d538264f439f5d2.zip |
Implement user inactivation
Comment some functions
Add attribute argument to get_user()
Diffstat (limited to 'ipa-server/xmlrpc-server')
-rw-r--r-- | ipa-server/xmlrpc-server/funcs.py | 61 | ||||
-rw-r--r-- | ipa-server/xmlrpc-server/ipaxmlrpc.py | 1 |
2 files changed, 59 insertions, 3 deletions
diff --git a/ipa-server/xmlrpc-server/funcs.py b/ipa-server/xmlrpc-server/funcs.py index 358f04f2a..ec099badc 100644 --- a/ipa-server/xmlrpc-server/funcs.py +++ b/ipa-server/xmlrpc-server/funcs.py @@ -125,12 +125,28 @@ class IPAServer: return user - def get_user (self, username, opts=None): + def get_user (self, args, sattrs=None, opts=None): """Get a specific user's entry. Return as a dict of values. Multi-valued fields are represented as lists. """ global _LDAPPool ent="" + + # The XML-RPC server marshals the arguments into one variable + # while the direct caller has them separate. So do a little + # bit of gymnastics to figure things out. There has to be a + # better way, so FIXME + if isinstance(args,tuple): + opts = sattrs + if len(args) == 2: + username = args[0] + sattrs = args[1] + else: + username = args + sattrs = None + else: + username = args + if opts: self.set_principal(opts['remoteuser']) if (isinstance(username, tuple)): @@ -146,7 +162,7 @@ class IPAServer: filter = "(uid=" + username + ")" try: m1 = _LDAPPool.getConn(self.host,self.port,self.bindca,self.bindcert,self.bindkey,dn) - ent = m1.getEntry(self.basedn, self.scope, filter, None) + ent = m1.getEntry(self.basedn, self.scope, filter, sattrs) _LDAPPool.releaseConn(m1) except ldap.LDAPError, e: raise xmlrpclib.Fault(1, e) @@ -156,7 +172,10 @@ class IPAServer: return self.convert_entry(ent) def add_user (self, user, user_container="ou=users,ou=default",opts=None): - """Add a user in LDAP""" + """Add a user in LDAP. Takes as input a dict where the key is the + attribute name and the value is either a string or in the case + of a multi-valued field a list of values. user_container sets + where in the tree the user is placed.""" global _LDAPPool if (isinstance(user, tuple)): user = user[0] @@ -372,3 +391,39 @@ class IPAServer: return res except ldap.LDAPError, e: raise xmlrpclib.Fault(1, str(e)) + + def mark_user_deleted (self, args, opts=None): + """Mark a user as inactive in LDAP. We aren't actually deleting + users here, just making it so they can't log in, etc.""" + global _LDAPPool + + uid = args[0] + + if opts: + self.set_principal(opts['remoteuser']) + + try: + proxydn = self.get_dn_from_principal(self.princ) + except ldap.LDAPError, e: + raise xmlrpclib.Fault(1, e) + except ipaserver.ipaldap.NoSuchEntryError: + raise xmlrpclib.Fault(2, "No such user") + + try: + user = self.get_user(uid, ['dn', 'nsAccountlock'], opts) + except ldap.LDAPError, e: + raise xmlrpclib.Fault(1, str(e)) + + # Are we doing an add or replace operation? + if user.has_key('nsaccountlock'): + has_key = True + else: + has_key = False + + try: + m1 = _LDAPPool.getConn(self.host,self.port,self.bindca,self.bindcert,self.bindkey,proxydn) + res = m1.inactivateEntry(user['dn'], has_key) + _LDAPPool.releaseConn(m1) + return res + except ldap.LDAPError, e: + raise xmlrpclib.Fault(1, str(e)) diff --git a/ipa-server/xmlrpc-server/ipaxmlrpc.py b/ipa-server/xmlrpc-server/ipaxmlrpc.py index 7d8529d28..03340ca5f 100644 --- a/ipa-server/xmlrpc-server/ipaxmlrpc.py +++ b/ipa-server/xmlrpc-server/ipaxmlrpc.py @@ -285,6 +285,7 @@ def handler(req, profiling=False): h.register_function(f.get_all_users) h.register_function(f.find_users) h.register_function(f.update_user) + h.register_function(f.mark_user_deleted) h.handle_request(req) finally: pass |